I use HMAC(ciphertext)+ciphertext for authenticated encryption.
The same key is used for both MAC and encryption.
Is that right? Is using separate keys for MAC and encryption necessary or any good?
...

Companies such as Barclays use cryptographic seeds (for their PINsentry system), RSA do the same for RSA SecurID, but how do they safely secure the seeds in the database.
With passwords you just hash ...

I have come up with the following rudimentary example of how ECC relates to asymmetric keys.
Is this a valid explanation of ECC and its relationship to asymmetry?
To only be deciphered by the person ...

I read that the following adaptation of the CFB block cipher mode into an authenticated mode is prone to chosen plaintext attacks, yet Im still unsure how to prove it:
Let $P_1,P_2,\ldots P_n$ be the ...

The embedded device is a low-power 8-bit microcontroller (memory usage is constrained to about 10kb code, 1kb ram). As the device is battery-powered and manual service should be minimal, more powerful ...

A sender wants to transmit an ultra secret code $M$ which could be either 'go', 'stop' or 'wait'. This could be any selection of code words really and adopted for any use such as transmitting short ...

I want to derive a 256 bit encryption key and a 256 bit MAC key from a single 256 bit master key for an authenticated encryption scheme.
I was considering the following construction to derive the two ...

Assuming all inputs are same length as rate except last can be shorter. Is it necessary to pad every input (not just last) to sponge for authenticated encryption to be secure?
Is this just, because ...

I use AES both CBC and CBC-MAC to encrypt some stuff. I generate one key for CBC and one different key for CBC-MAC.
Does the second key (for CBC-MAC) need to be secret?
How to join such key with the ...

What is the disadvantage of AES-GCM mode for authenticated encryption? Why does the CAESAR competition say that it’s one of the goals to find an AE scheme that offers an advantage over AES-GCM? What ...

While thinking about this recent question about a hash-then encrypt design, I reread the MAC-encrypt vs. encrypt-MAC question and noticed this answer quoting a paper showing that MAC-then-encrypt is ...

I have this scenario where I use Encrypt-then-MAC (AES256-CBC and HMAC-SHA256) with keys generated by a CSPRNG (specifically, SecureRandom in Java). I'd like to know which is better:
Use the CSPRNG ...

I'm trying to make a strong authentication software and embedded software in a java card. I have found many papers and publications about the subject… too much information to process and I'm working ...

I'm delivering shared secret with DH exchange, using a static key for signing and an ephemeral for session, so is there a point using GCM for encrypting the data, or is a simple CBC/CTR block cipher ...

Let's say there is a shared storage: USB flash drive, external HDD, or whatever you like. I'll refer to it as disk. Also, there are multiple parties, let's say Alice and Bob (may be thousands of them) ...

I was trying to implement zero knowledge protocol for authentication based on the paper "A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory".
...

I have been reading the Cryptographic sponge functions paper, but I'm still confused.
Does Keccak in authenticated encryption mode absorb ciphertext or plaintext?
Edit: Are there any test vectors to ...

I have doubts for the definition of the decryption algorithm $D(.)$. I think I've already seen that the decryption returns a plaintext $M$ on input the key $K$ and $C=E_K(M)$.
I have also seen thet ...

I'm in search of the correct definition of a stateful authenticated encryption scheme (sAE), and its related security notion. This has been treated several times in the academic literature, however, ...